8 Most Popular Joomla Hacks & How To Avoid Them
Slides from a SiteGround webinar by SiteGround Joomla Performance Guru, Daniel Kanchev. He reveals the 8 most common ways a Joomla website can get hacked and what you can do to protect yourself from each of those hacks.

Outdated Extensions & Themes
Vulnerable Extensions & Themes
Stolen or Weak Login Details
Outdated / Vulnerable Server Software
Incorrectly Configured Web Server
Vulnerable Joomla on a Host Server
Incorrect Joomla Permissions
Local PC Malware

Published in: Technology
Transcript

  • 1. 8 Most Popular Joomla! Hacks & How To Avoid Them Daniel Kanchev @dvkanchev
  • 2. Daniel Kanchev @dvkanchev Before we begin … 7+ Years of Joomla! experience 5 Years with SiteGround Love FOSS Addicted to extreme sports
  • 3. SiteGround is the home of 100,000 Joomla! sites
  • 4. We face hundreds if not thousands of security attacks per day …
  • 5. “Why would somebody hack me?”
  • 6. Hackers don’t really care about your site. All they care about is sending some spam.
  • 7. “Security is not a product, but a process” If anybody tells you your site is unhackable, that guy is a liar!
  • 8. 1. Outdated Joomla! Core
  • 9. Quick demo… …of Joomla! file upload security bug
  • 10. More info on the hack • All versions before 3.1.5 and 2.5.14 are vulnerable • Can be executed by anybody, no admin rights needed • The attacker can obtain full access to Joomla! and its surrounding userspace
  • 11. More info on the hack: Joomla! http://goo.gl/8YwZIk · Sucuri http://goo.gl/WjLKGm · SiteGround http://goo.gl/NWkZTz
  • 12. UPDATE! UPDATE! UPDATE!
  • 13. Use software to get notified and update Joomla! Core
  • 14. Admin Tools https://www.akeebabackup.com/products/admintools.html · Watchful.li https://watchful.li/features/
  • 15. SiteGround offers Joomla! Auto Update
  • 16. Read security bulletins. Joomla! Security News: http://feeds.joomla.org/JoomlaSecurityNews · Sucuri: http://blog.sucuri.net/?s=joomla
  • 17. 2. Extensions
  • 18. Here’s a Scenario: • Your site is up to date • Your extensions are up to date • But you still get hacked… • Wonder why?
  • 19. Extension vulnerabilities • Sometimes when a vulnerability in an extension is found, it takes the extension developers too much time to fix it. • Therefore it’s always good to use a WAF! • WAF = Web Application Firewall
  • 20. Popular WAFs
  • 21. SiteGround adds more than 200 mod_sec rules every week.
  • 22. Example mod_sec rule (chained rule: all three conditions must match for the request to be caught)
    # 30.Sep.2013
    # joomla com_seminar Cross site scripting Vulnerability
    # http://cxsecurity.com/issue/WLB-2013090184
    SecFilterSelective REQUEST_FILENAME "index.php" "chain,id:00680"
    SecFilterSelective ARG_option "com_seminar" chain
    SecFilterSelective ARG_search "onmouseover"
  • 23. CloudFlare and Incapsula are advanced mod_security-like services, FREE, which also add CDN functionality.
  • 24. More Security Bulletins. Joomla! Extensions Security News: http://feeds.joomla.org/JoomlaSecurityVulnerableExtensions
  • 25. 3. Themes
  • 26. “Templates are software, not just a bunch of graphics. Template developers do release security upgrades all the time. Make sure you install them. I've seen many sites getting hacked because of a dated template with a SQL injection or XSS vulnerability.” -Nicholas Dionysopoulos
  • 27. Example: RocketTheme SQL injection in their modules! http://www.rockettheme.com/blog/extensions/1300-important-securityvulnerability-fixed
  • 28. WAF is good for themes too!
  • 29. 4. Weak passwords
  • 30. Let me tell you a story…
  • 31. On April 9th we got hit by a huge brute force attack towards many Joomla!s
  • 32. Bots used more than a thousand different IPs per server to scan for passes… … and we blocked more than 92,000 IPs in total across our network in just
  • 33. In 12 hours we blocked more than 15 million login requests But still, we thought many passwords were guessed
  • 34. We then tried to brute force our clients ourselves. And we were shocked how many passwords we found.
  • 35. Over 40% of our customers used Really Weak passwords.
  • 36. Let me show you how easy it is to guess a dumb password, say: “pass123” Username is admin
  • 37. So in less than 10 seconds I’ve got your password
  • 38. Tip: Change your password to a full sentence - it’s easy to remember and hard to guess, like: “I love to watch the sunset.”
  • 39. Tip 2: Change your username! admin2 is not acceptable either ;) Try something like: yourname_@dm1n
  • 40. Tip 3: Additionally secure your administrator login page • Allow access only from certain IP addresses • Add Captcha • Password protect the administrator folder • Use secret URL parameters
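The brute force described in slides 31 to 37 leaves a clear trail in the web server log. The script below is an added example, not part of the slides: it aggregates administrator login POSTs per client from constructed Apache combined-log lines and flags the sources that exceed a threshold. It assumes POSIX sh, awk and sort; the IPs, counts and log lines are constructed, not real traffic.

```shell
#!/bin/sh
# Added example (not from the slides): spot a Joomla! administrator login brute force in an
# Apache combined log. Joomla! answers every login POST with a redirect, so counting POSTs to
# /administrator/index.php per client catches failed and successful attempts alike.
# Assumes POSIX sh + awk + sort. All sample traffic below is constructed.

# Emit $2 constructed login POSTs from client $1 (one per minute of the same hour).
gen_login_posts() {
    i=0
    while [ "$i" -lt "$2" ]; do
        printf '%s - - [09/Apr/2013:10:%02d:00 +0000] "POST /administrator/index.php HTTP/1.1" 303 451 "-" "Mozilla/5.0"\n' "$1" "$i"
        i=$((i + 1))
    done
}

# Constructed sample: two bots hammering the login, one legitimate admin, a few GETs.
build_sample_log() {
    gen_login_posts 203.0.113.7 40
    gen_login_posts 198.51.100.23 12
    gen_login_posts 192.0.2.5 2
    printf '%s - - [09/Apr/2013:10:05:00 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 8731 "-" "Mozilla/5.0"\n' 203.0.113.7
    printf '%s - - [09/Apr/2013:10:06:00 +0000] "GET /administrator/index.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"\n' 192.0.2.5
}

# Read combined-log lines on stdin; print "ip count" (busiest first) for each client whose
# administrator login POSTs exceed $1. GETs and front-end requests do not count.
flag_login_bruteforce() {
    awk -v limit="$1" '
        $6 == "\"POST" && $7 ~ /^\/administrator\/index\.php/ { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] > limit) print ip, hits[ip] }
    ' | sort -k2,2nr
}

# Number of distinct clients that POSTed to the login at all. A high figure with a low
# per-client count is the distributed variant from the slides (many IPs, few tries each).
count_login_sources() {
    awk '$6 == "\"POST" && $7 ~ /^\/administrator\/index\.php/ { src[$1] = 1 }
         END { n = 0; for (ip in src) n++; print n }'
}

# Stand-alone run over the constructed sample with a threshold of 10 attempts.
build_sample_log | flag_login_bruteforce 10
```

On a real server replace build_sample_log with the access log of the site, and feed the flagged addresses to whatever blocking layer is in use.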
  • 41. 5. Outdated Server Software
  • 42. Old PHP 5.3 running as CGI: remote code execution exploit (CVE-2012-1823) http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
  • 43. Quick demo…
  • 44. Make sure your server side software is current at all times.
  • 45. 6. Incorrectly configured server software
  • 46. Apache Symlinks bug http://seclists.org/fulldisclosure/2013/Aug/81 The Problem: a symlink in one account points at another account’s files and Apache follows it: public_html/fred.txt —> /home/otheracct/public_html/configuration.php The Solution: add to httpd.conf or the .htaccess file: Options -FollowSymLinks +SymLinksIfOwnerMatch
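The symlink case on slide 46 can be audited from the account side as well. The check below is an added example, not part of the slides: it lists every symlink under a web root whose resolved target lies outside that root. It assumes GNU coreutils (readlink -f); the directory names in the test are constructed.

```shell
#!/bin/sh
# Added example (not from the slides): find symlinks inside a web root that resolve to a
# path outside it, i.e. the public_html/fred.txt -> /home/otheracct/.../configuration.php
# case, which Apache serves when FollowSymLinks is on and SymLinksIfOwnerMatch is not.
# Assumes GNU coreutils (readlink -f). Read-only check; nothing is modified.

# Print "link -> target" for every escaping symlink under $1; return 0 if none, 1 otherwise.
find_escaping_symlinks() {
    root=$(readlink -f "$1")
    report=$(find "$root" -type l | while IFS= read -r link; do
        target=$(readlink -f "$link")
        case "$target" in
            "$root"/*) ;;                                  # resolves inside the root: fine
            *) printf '%s -> %s\n' "$link" "$target" ;;    # escapes the account
        esac
    done)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Stand-alone use: ./check_symlinks.sh /home/user/public_html
if [ -n "$1" ]; then
    find_escaping_symlinks "$1" && echo "no escaping symlinks under $1"
fi
```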
  • 47. 7. Joomla! Permissions
  • 48. Correct Joomla! Permissions set • Folders: 755 • Files: 644 • configuration.php: 444
  • 49. Incorrect Joomla! Permissions set • All: 777 • Anything more than: 755
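The permission set from slides 48 and 49 is easy to check mechanically. The script below is an added example, not part of the slides: it audits a Joomla! tree against 755 / 644 / 444, reports anything group- or world-writable, and can apply the correct set. It assumes GNU findutils (-printf and -perm /mode); the file layout in the test is constructed.

```shell
#!/bin/sh
# Added example (not from the slides): audit a Joomla! tree against the permission set
# above (folders 755, files 644, configuration.php 444) and flag the 777-style mistakes.
# Assumes GNU findutils (-printf, -perm /mode). The audit is read-only; apply_joomla_perms
# is the destructive half and belongs on a backup or clone first.

# Print one line per deviation; return 0 on a clean tree, 1 otherwise.
audit_joomla_perms() {
    root="$1"
    report=$(
        # Every directory must be exactly 755.
        find "$root" -type d ! -perm 755 -printf 'DIR  %m %p (expected 755)\n'
        # Every file except configuration.php must be exactly 644.
        find "$root" -type f ! -name configuration.php ! -perm 644 -printf 'FILE %m %p (expected 644)\n'
        # configuration.php holds the database credentials: 444.
        find "$root" -type f -name configuration.php ! -perm 444 -printf 'CONF %m %p (expected 444)\n'
        # Anything writable by group or others ("All: 777") is the dangerous case; list it explicitly.
        find "$root" -perm /022 -printf 'WRITABLE %m %p (group/world-writable)\n'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Number of deviations found (0 for a clean tree).
joomla_perm_issue_count() {
    audit_joomla_perms "$1" | wc -l
}

# Apply the slide's permission set to a tree.
apply_joomla_perms() {
    root="$1"
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f ! -name configuration.php -exec chmod 644 {} +
    find "$root" -type f -name configuration.php -exec chmod 444 {} +
}

# Stand-alone use: ./audit_perms.sh /home/user/public_html
if [ -n "$1" ]; then
    audit_joomla_perms "$1" && echo "permissions OK"
fi
```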
  • 50. Account isolation is a must when you are hosted on a shared server.
  • 51. 8. Malware
  • 52. Viruses and Trojans steal your login details.
  • 53. Keep your anti-virus software up to date.
  • 54. So let’s recap… • Update your Joomla! • Update your extensions. Read security bulletins once in a while. • Update your themes. Don’t forget that! • Use strong passwords and non-default admin usernames. • Make sure your server side software is current (PHP, Apache, MySQL) • Make sure your server side software is correctly set up • Use correct file permissions for Joomla! • Watch out for that sneaky malware
  • 55. Questions?
  • 56. Thank you! 70% OFF HOSTING DISCOUNT http://www.siteground.com/webinar
